Two new security-related features to blog about this week. First, Oracle Database 11g comes with a new view called DBA_USERS_WITH_DEFPWD. What is it for, you ask? This view shows you the user accounts that are still assigned default passwords, like scott/tiger. You can then change those passwords and be more secure. The view has one column, USERNAME.
Also, passwords in Oracle Database 11g will be case sensitive now! When you upgrade, your old passwords will not be case sensitive, but the first time you change the password of an account after an upgrade it will become case sensitive. New accounts will be case sensitive out of the box. The parameter sec_case_sensitive_logon will be provided to disable/enable this feature.
One other note. All the features I'm discussing in this Blog at this point are from Beta code. They can change between now and the time production code comes out, so be aware.
More on this and many other Oracle Database 11g topics in my new book from Oracle Press, Oracle Database 11g New Features. Check it out!
[Post edited for spelling error]
4 comments:
"sec_case_sensitivie_logon"
spelling mistake?
How does this affect database clients? As I understand it, the client doesn't simply send the entered password (or hash) to the database for validation. The client comes up with its own hash of the username/password and then there's a bit of a 'dance' with both client and server proving they know the same hash value.
Does that mean non-11g clients won't connect to 11g?
It would appear to work fine with a 10.2 client. In this case the userid/password is robert/Robert:
Here we use the case sensitive password and it works:
C:\oracle\product\10.2.0\DB01\BIN>.\sqlplus robert/Robert@//192.168.255.133:1521/orcl
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Aug 8 00:14:04 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.5.0 - Beta
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.5.0 - Beta
With the Partitioning, OLAP, Data Mining and Real Application Testing options
Here we use the lower case (wrong) password and it does not:
C:\oracle\product\10.2.0\DB01\BIN>.\sqlplus robert/robert@//192.168.255.133:1521/orcl
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Aug 8 00:14:14 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Thanks, it's nice to know
Good to see 11g coming up with case sensitive password. It was long overdue.